Forum

Hi Hugo

I have had to disable BanOnTimeout that i had been using for some time without issue because recently i was getting kicked quite often using Firefox or IE. I tried from 2 different IPs.
For what reason would I get timeouts ? I've set it to 0 now and have no issue but i was wondering why
I use TimeForRequest = 5,30

Hiawatha version: 9.11
Operating System: W7 x64

Hmm, that surprises be, because nothing has changed to the BanOnTimeout setting. When I have the time (will be in a few days), I'll take a look.

My issue has not started with version 9.11, rather 9.10 or the previous and I have changed my hiawatha config a few times so I am not able to really isolate the issue.
What could cause timeouts using a regular browser and getting simple html files?

I do not encounter the problem on 9.10 and 9.11 or earlier. BanOnTimeout is working fine. May be you need to adjust other settings, such as ban for something.

Thanks for your answer samiux, do you have any example of other settings to be adjusted? I know about TimeForRequest only

@kfft,

I set up my Hiawatha web server like this - http://secure-ubuntu-server.blogspot.com

thank Samiux, my setup is with Windows7 x64
beside this timeout kicking issue i have had no issue with my setup which is working flawless.

Hi Hugo,

I too am experiencing BanOnTimeout events.

SETUP:
Debian Stable (Wheezy 7.x - i686)
Hiawatha v9.11 (Packages maintained by Chris Wadge.)
Test website (HTTPS) using FastCGIserver
Qupzilla v1.8.6 (webkit) on separate client machine
Private LAN for testing

CREATE TIMEOUT:
Qupzilla web browser configured to start up with my test website in one of two tabs (start page plus my website). So, restarting Hiawatha (config file BanOnTimeout = 300) and then starting Qupzilla, the 'system.log' shows:

Thu 29 Jan 2015 15:10:15 -0700|Hiawatha v9.11 stopped.
Thu 29 Jan 2015 15:10:16 -0700|Hiawatha v9.11 started.
10.97.113.2|Thu 29 Jan 2015 15:11:19 -0700|Client banned because of connection timeout
10.97.113.2|Thu 29 Jan 2015 15:11:19 -0700|Client kicked
10.97.113.2|Thu 29 Jan 2015 15:11:19 -0700|Client kicked
10.97.113.2|Thu 29 Jan 2015 15:11:19 -0700|Client kicked

I have also experienced rare and intermittent banning with Firefox v35.0.1. Note, starting Qupzilla pointing to my test website is not a requirement to create this prolem, it just makes reproduction easier.

The feature works as intended, just tested it again. But probably your browser make connections without using it, just in case of an extra request. If you don't experience attacks in which clients try to DoS your server by only making connections without doing anything, then you better ignore this setting. Ban options should only be used in case you experience some clients bugging your server.

What you experienced is exactly what I experienced RaulC with both IE 11 and FIREFOX 35 .
True I am a heavy user of a Hiawatha servers but this happen to me with very straightforward html get .
I have now switched BanOnTimeout to 0 and I am not experiencing any issue anymore.
If Hugo says it works as expected it does and I will stop my investigation here. But it shows that most browser make connection without using them and that the filter as is is therefore too strict for regular users/browsers.

FYI, I have now also seen the above behavior using current versions of Google's Chrome (v40.x) and Chromium (v39.x) on Ubuntu. I have not tested Safari (and probably won't).

When I remove BanOnTimeout from my config file all is well. So, I have now left it out completely as I don't see it as a viable defense mechanism.

On the plus-side, other than the issue above, Hiawatha is a joy to work with. Hugo, your work and effort in creating this fine, complex system is much appreciated, thank you.

Hi RaulC. Thanks for your feedback!

Same, I have turned it off and Hiawatha still work as well as ever!